Reflected Cross-Site Scripting Vulnerability in Themify Builder Plugin for WordPress
CVE-2024-13319
6.1MEDIUM
What is CVE-2024-13319?
The Themify Builder plugin for WordPress is susceptible to a reflected cross-site scripting vulnerability. This flaw arises from using the add_query_arg function without adequate escaping, allowing unauthenticated attackers to craft URLs that can inject arbitrary web scripts. If a user is misled into clicking on a manipulated link, the script will execute in the context of their session, potentially leading to unauthorized actions or data exposure. This vulnerability is present in all versions up to and including 7.6.5.
Affected Version(s)
Themify Builder * <= 7.6.5